Published

Revisiting a 2003 attack on the Linux kernel

Back in 2003, someone tried and failed to plant a security exploit into the Linux kernel code in a sophisticated and well-though-out operation. In light of yesterday’s revelations of NSA teams actively working to weaken software security, this incident from a decade ago raises some questions.

It also highlights why having the source code to your software is the only way to be sure it’s secure.

An unknown intruder attempted to insert a Trojan horse program into the code of the next version of the Linux kernel, stored at a publicly accessible database.

Security features of the source-code repository, known as BitKeeper, detected the illicit change within 24 hours, and the public database was shut down, a key developer said Thursday.

An intruder apparently compromised one server earlier, and the attacker used his access to make a small change to one of the source code files, McVoy said. The change created a flaw that could have elevated a person’s privileges on any Linux machine that runs a kernel compiled with the modified source code. However, only developers who used that database were affected–and only during a 24-hour period, he added.